RE: Trouble configuring Apache/mod_ssl to satisfy these requirements...

Tue, 15 May 2001 01:26:57 -0700 

> -----Original Message-----
> From: Kingsley Kerce [mailto:[EMAIL PROTECTED]]
> Sent: 14 May 2001 19:34
> To: [EMAIL PROTECTED]
> Subject: Trouble configuring Apache/mod_ssl to satisfy these
> requirements...
> 
> 
> Can Apache, outfitted with mod_ssl and mod_dav, satisfy the following
> requirements?
> 
> A particular author's content is readable via a URL such as
> http://host.fsu.edu/[author]/
> where [author] is one of up to about 1,500 names.
> 
> Content is writable to that location by an HTTP-Authenticated author
> using DAV (www.webdav.org).  All HTTP methods other than GET, HEAD,
> and OPTIONS (i.e. the methods that modify content) occur via SSL,
> because those methods shall require HTTP-Authentication and the
> requisite password transmission must be secure.  The URL would appear
> as
> https://host.fsu.edu/[author]/
> 
> Each author has a staging area for content that is read-writable only
> by the HTTP-Authenticated author, via a URL such as
> https://host.fsu.edu/[author]/staging/
> 
> Miscellaneous:
> No Unix UIDs will exist for authors (DAV requires all files to be
> owned by the server process).
> 
> Is there a configuration that will satisfy all of the above?
> 
As far as password transmission is concerned, that is secure anyway since it
is being sent through an SSL connection (even if the browser doesn't display
a padlock until username/password is entered). 

I think what you need is to use mod_rewrite to give read only access to the
http connection on those pages (ie barring GET, HEAD, OPTIONS etc) and to
request authentication for the https connection (and thus allowing
read/write as you specify).

Have a look at the mod_rewrite information in the Apache manual for more
details. Also, Ralf gave a lot of detail on the use of mod_rewrite with
mod_ssl in his presentation to last years ApacheCon. This is still online at
http://www.modssl.org/docs/apachecon2000/, particularly slide 21,
http://www.modssl.org/docs/apachecon2000/slide-021-n.html

- 
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to